CVE-2026-42271
LiteLLM · LiteLLM
LiteLLM contains a command injection vulnerability in its MCP server test endpoints that, when chained with a host header bypass, enables unauthenticated remote code execution.
Executive summary
Actively exploited in the wild, this command injection vulnerability in LiteLLM allows attackers to achieve remote code execution on the host system.
Vulnerability
This is a command injection vulnerability within the MCP server test endpoints. Authenticated users can execute arbitrary commands on the host, and when chained with a Starlette host header validation bypass (CVE-2026-48710), it results in unauthenticated remote code execution.
Business impact
With a CVSS score of 8.8 and confirmed active exploitation, this vulnerability poses an extreme business risk. Attackers can gain complete control over the AI gateway infrastructure, leading to potential lateral movement, data theft, and the deployment of malicious payloads.
Remediation
Immediate Action: Update LiteLLM to version 1.83.7 to remove the command injection; given confirmed exploitation, schedule this as an emergency change rather than a routine patch cycle.
Proactive Monitoring: Monitor system logs for unauthorized process execution and unexpected network outbound connections originating from the LiteLLM service.
Compensating Controls: Use a WAF or reverse proxy to strictly validate host headers and sanitize incoming requests to the MCP server endpoints.
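As an added example (not LiteLLM's or the advisory's own code), the following Python implements two of the controls above: a strict, exact-match Host header allowlist check of the kind a reverse proxy or ASGI middleware would apply in front of the MCP server endpoints, and a fail-closed version gate against the fixed release 1.83.7 taken from this advisory. The hostnames in `ALLOWED_HOSTS`, the function names, and the version strings fed to `is_patched` are assumptions constructed for illustration.

```python
"""Strict Host header allowlisting and a LiteLLM version gate.

Added example for this advisory; not LiteLLM project code. The
allowlist below is constructed, and the fixed version 1.83.7 comes
from the advisory's remediation section.
"""
import ipaddress
import re
from typing import Iterable, Optional, Tuple

# Fixed release named in the advisory. Anything older is treated as vulnerable.
FIXED_VERSION = (1, 83, 7)

# Constructed allowlist: the exact hostnames the gateway is legitimately served under.
ALLOWED_HOSTS = {"litellm.internal.example", "ai-gateway.example.com"}

# A Host header is either a bracketed IPv6 literal or a plain hostname,
# optionally followed by ":port". Anything else (spaces, slashes, userinfo,
# a second ':' outside brackets) is rejected outright.
_HOST_RE = re.compile(
    r"^(?P<host>\[[0-9a-fA-F:.]+\]|[A-Za-z0-9.-]+)(?::(?P<port>\d{1,5}))?$"
)

# Leading "v" tolerated, trailing suffixes such as "-stable" ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)")


def normalize_host(header_value: Optional[str]) -> Optional[str]:
    """Return the canonical hostname from a Host header, or None if malformed.

    Strips an explicit port, lowercases, drops a trailing dot, checks the
    port range, and verifies that a bracketed literal is really IPv6.
    """
    if header_value is None:
        return None
    m = _HOST_RE.fullmatch(header_value.strip())
    if not m:
        return None
    host = m.group("host").lower().rstrip(".")
    if not host:
        return None
    port = m.group("port")
    if port is not None and not 0 < int(port) <= 65535:
        return None
    if host.startswith("["):
        try:
            ipaddress.IPv6Address(host[1:-1])
        except ValueError:
            return None
    return host


def host_allowed(header_value: Optional[str],
                 allowed: Iterable[str] = ALLOWED_HOSTS) -> bool:
    """Exact-match allowlist check: no wildcards, no suffix matching, no empty Host.

    Suffix matching is deliberately avoided so that "allowed.example.attacker"
    style hostnames never pass; each permitted name must be listed explicitly.
    """
    host = normalize_host(header_value)
    return host is not None and host in set(allowed)


def parse_version(version: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a version string; None if unparseable."""
    m = _VERSION_RE.match(version or "")
    if not m:
        return None
    return tuple(int(x) for x in m.groups())  # type: ignore[return-value]


def is_patched(version: str) -> bool:
    """True only when the installed version is at or above the fixed release.

    Fails closed: an unparseable version is reported as not patched so that
    inventory scripts flag it for manual review rather than silently passing.
    """
    parsed = parse_version(version)
    return parsed is not None and parsed >= FIXED_VERSION


if __name__ == "__main__":
    # Constructed sample inputs a proxy or inventory job might see.
    for hdr in ["litellm.internal.example", "LiteLLM.Internal.Example:443",
                "litellm.internal.example.evil.example", "evil.example", ""]:
        print(f"Host {hdr!r:45} allowed={host_allowed(hdr)}")
    for ver in ["1.83.6", "1.83.7", "1.84.0", "unknown"]:
        print(f"LiteLLM {ver:10} patched={is_patched(ver)}")
```

The allowlist check is meant to run in the proxy or middleware layer before a request reaches any application route, and the version gate is the kind of assertion a fleet inventory script would run per host; neither replaces upgrading to 1.83.7.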
Exploitation status
Public Exploit Available: true
Analyst recommendation
Given the active exploitation and the severity of the impact, this update is critical. All affected organizations should treat this as a top-tier security priority and verify system integrity for signs of previous unauthorized access.